Security Vendors Growing in Response to Today's Threats

Dangers from both within and without make today's security landscape a treacherous one, but one with ample opportunity for security vendors. This is especially true now that the ugly aftermath of last holiday season's Target data breach and the data breaches that hit organizations like JPMorgan Chase, the University of North Carolina at Chapel Hill, and the Washington Post, all in December alone, have put enterprise security back in the spotlight. And that's not even taking Edward Snowden into account. Meanwhile, enterprise data environments are growing more complex and more distributed, increasing the challenges of security. In an environment with pressures this intense, how are security vendors adapting? For some, growth is key.

Earlier this month, Orange Business Services announced its acquisition of French IT identity and security management firm Atheos for an undisclosed amount. Already a titan, with services in 220 nations and territories, staff in 160, and a focus on governments and large enterprise, Orange Business Services, the MSP subsidiary of French telecom Orange S.A., plans to integrate Atheos into the new Orange Cyberdefense brand. This will make Orange Cyberdefense "the largest cyberdefense company in Europe," according to an Orange Business Services statement.

"Our clients know that they may be the target of an attack some day, and they feel that in spite of all the efforts that they have already made to improve their security level, they may not be sufficiently prepared to react efficiently and rapidly when such an attack happens," Nicolas Furgé, head of security services at Orange Business Services, told me.

To assist those clients in preparing for attacks, Orange Cyberdefense will combine Atheos's advanced access control, DLP, and attack detection, analysis, and response capabilities with Orange's global reach and decade of experience in cybersurveillance. "The important thing is not so much the vulnerabilities themselves as the ability to detect the moment when such vulnerabilities are being exploited by an enemy, and the ability to react very rapidly in such a case," Furgé said.

In such a case, how much does size matter? Plenty, according to Orange. When it comes to protecting large enterprises wherever they operate, "there are few players that combine our experience, expertise, and geographical scope," Furgé said.

Cloud Security Spurs Growth: Alert Logic Posts Record Growth

While Orange Cyberdefense builds on its impressive global footprint, other vendors credit their growth to the cloud. In 2013, security-as-a-service vendor Alert Logic posted record numbers, exceeding its $50 million goal for the year and increasing its annual revenue by 42 percent over 2012. The company also released public cloud security solutions for AWS and Windows Azure and integrated its agentless security offering with VMware's NSX network virtualization platform.

Alert Logic specializes in a combination of native security and compliance solutions for cloud-based applications with security analytics and research delivered as a service. Like Orange, the company claims more comprehensive protection than the competition. "Most competitors deliver some, but not all, of these capabilities but do not have the holistic solution for cloud-based security and compliance," Alert Logic CEO Gray Hall told me.

Looking ahead at 2014, Hall said that Alert Logic will continue to capitalize on the demand "in all industry segments for cloud security solutions that really work."

"Our target market is large enough to maintain, or even increase, our historical growth rate for many years," Hall said. And to support that growth, he added, "we now have the resources, breadth, and technical depth to continue improving our degree of innovation and new product launches. 2013 was our best year ever in bringing new products to market, and I expect 2014 to be even better."

Big Investors and Big Customers Lead to Big Gains: HyTrust Grows over 350 Percent in a Year

Last year, cloud and virtualization security vendor HyTrust grew by both acquisition and sales and picked up some new investors, too. Focusing tightly on visibility, role management, and administrative controls within virtual infrastructures, HyTrust touts its ability to protect customers as much from insider threats as from outsiders.

The focus on control looks to have worked well for the company in 2013. HyTrust grew over 350 percent and added customers from the Global 1000 in verticals like financial services, health care, technology, and government, according to Eric Chiu, HyTrust president and co-founder. An oversubscribed Series C funding round brought in $18.5 million in investments, with Intel, Cisco and VMware among the investors, and the acquisition of HighCloud Security brought cloud encryption and key management to HyTrust's portfolio.

Chiu credits both the rise of virtualization and last year's "highly visible breaches"—from Edward Snowden to Target—for increased interest in solutions like HyTrust's. Those breaches, he said, brought "the realization that traditional perimeter-based security is not adequate and a new 'inside-out' approach to security is needed." In 2014, HyTrust plans to continue meeting that demand.

"We will continue to develop the role for HyTrust as a control point in the virtual infrastructure, including tighter integration with the HighCloud technology so that organizations can automate not only what their admins can and can't do but also automate policy to make sure data is secured as well," Chiu said. Additionally, HyTrust is working on "building out greater platform support to enable customers to have consistent control, visibility, and policy enforcement across heterogeneous private, hybrid, and public cloud environments," he said.

In nature as in technology, evolution is a long, incremental process. Sometimes, though, conditions are just right for an evolutionary leap. Could this be happening within the security space now? The globalization of enterprises, the increasing virtualization of network and data environments, and the constant threats of hacking and leaks put great pressure on the security space and give rise to bigger, better (one hopes) security solutions. And the software defined data centers and networks of the future are sure to drive even more innovation. Perhaps Orange Cyberdefense, Alert Logic, and HyTrust are a preview of what's yet to come: a security paradigm that's a whole different animal than what came before.